diff --git a/src/pretix/api/urls.py b/src/pretix/api/urls.py
index 2df593a50..911ce8c9e 100644
--- a/src/pretix/api/urls.py
+++ b/src/pretix/api/urls.py
@@ -67,7 +67,7 @@ orga_router.register(r'invoices', order.InvoiceViewSet)
 orga_router.register(r'scheduled_exports', exporters.ScheduledOrganizerExportViewSet)
 orga_router.register(r'exporters', exporters.OrganizerExportersViewSet, basename='exporters')
 orga_router.register(r'transactions', order.OrganizerTransactionViewSet)
-orga_router.register(r'orderpositions', order.OrganizerPositionViewSet, basename='orderpositions')
+orga_router.register(r'orderpositions', order.OrganizerOrderPositionViewSet, basename='orderpositions')
 team_router = routers.DefaultRouter()
 team_router.register(r'members', organizer.TeamMemberViewSet)
diff --git a/src/pretix/api/views/order.py b/src/pretix/api/views/order.py
index ee5668187..c82815f91 100644
--- a/src/pretix/api/views/order.py
+++ b/src/pretix/api/views/order.py
@@ -1096,8 +1096,8 @@ class OrderPositionViewSetMixin:
 qs = OrderPosition.all
 else:
 qs = OrderPosition.objects
-
- if self.request.query_params.get('pdf_data', 'false').lower() == 'true':
+ qs = qs.filter(order__event__organizer=self.request.organizer)
+ if self.request.query_params.get('pdf_data', 'false').lower() == 'true' and getattr(request, 'event', None):
 prefetch_related_objects([self.request.organizer], 'meta_properties')
 prefetch_related_objects(
 [self.request.event],
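Review bot: The new `pdf_data` condition calls `getattr(request, 'event', None)` with a bare `request`, while every other reference in this hunk is `self.request`. Unless a local `request` is bound earlier in the method (it starts outside the hunk), this raises NameError whenever `pdf_data=true` is passed; it should read `and getattr(self.request, 'event', None):`. The added `qs.filter(order__event__organizer=self.request.organizer)` is now the organizer boundary for every viewset built on this mixin, so a short comment such as `# Tenant scoping: never return positions that belong to another organizer` would help keep it from being dropped in a later refactor.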
@@ -1167,20 +1167,14 @@ class OrderPositionViewSetMixin:
 raise NotFound('Unknown output provider.')
-class OrganizerPositionViewSet(OrderPositionViewSetMixin, viewsets.ReadOnlyModelViewSet):
+class OrganizerOrderPositionViewSet(OrderPositionViewSetMixin, viewsets.ReadOnlyModelViewSet):
 def get_queryset(self):
 qs = super().get_queryset()
 perm = self.permission if self.request.method in SAFE_METHODS else self.write_permission
- if isinstance(self.request.auth, (TeamAPIToken, Device)):
+ if isinstance(self.request.auth, (TeamAPIToken, Device)) or self.request.user.is_authenticated::
 qs = qs.filter(
- order__event__organizer=self.request.organizer,
- order__event__in=self.request.auth.get_events_with_permission(perm, request=self.request)
- )
- elif self.request.user.is_authenticated:
- qs = qs.filter(
- order__event__organizer=self.request.organizer,
 order__event__in=self.request.auth.get_events_with_permission(perm, request=self.request)
 )
@@ -1190,8 +1184,7 @@ class OrganizerPositionViewSet(OrderPositionViewSetMixin, viewsets.ReadOnlyModel
 class EventOrderPositionViewSet(OrderPositionViewSetMixin, viewsets.ModelViewSet):
 def get_serializer_context(self):
 ctx = super().get_serializer_context()
- if hasattr(self.request, 'event'):
- ctx['event'] = self.request.event
+ ctx['event'] = self.request.event
 ctx['pdf_data'] = self.request.query_params.get('pdf_data', 'false').lower() == 'true'
 return ctx
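Review bot: The merged condition in `get_queryset` ends with `::`, which is a syntax error and would stop `order.py` from importing; it should be `if isinstance(self.request.auth, (TeamAPIToken, Device)) or self.request.user.is_authenticated:`. The single remaining filter calls `self.request.auth.get_events_with_permission(...)` for session-authenticated users as well. Under DRF session authentication `request.auth` is usually `None`, so it is worth confirming that this path applies the per-event permission check rather than raising, or falling through to a branch outside the hunk. A test that lists `orderpositions` as a logged-in user restricted to a single event would pin this. The rest of `get_queryset` lies outside the hunk.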
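Review bot: `ctx['event'] = self.request.event` in `get_serializer_context` now raises AttributeError when the request carries no `event`, where the removed `hasattr` guard simply skipped the key. That is presumably intended because this viewset is only routed below an event, but the assumption is not visible here. A comment such as `# Event-scoped viewset: request.event is always set by the URL routing` would record why the guard could go.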